Constants

This section is empty.

Variables

// ErrEnrollmentCapacity reports that no further enrollments are being accepted.
var ErrEnrollmentCapacity = errors.New("enrollment capacity reached")

// ErrPendingNotFound reports that no pending enrollment matched, or that it has expired.
var ErrPendingNotFound = errors.New("pending enrollment not found or expired")

// ErrSecretMismatch reports that the presented credential secret did not match the challenge.
var ErrSecretMismatch = errors.New("credential secret mismatch")

// ErrDeviceAlreadyExists reports that a device with the same EK is already registered.
var ErrDeviceAlreadyExists = errors.New("device with this EK already exists")

// ErrQuoteVerification reports that the TPM quote failed verification.
var ErrQuoteVerification = errors.New("quote verification failed")

Functions

This section is empty.

Types

type ACMEService

// ACMEService manages per-device ACME challenges: creation, deletion and
// periodic removal of expired ones (CleanupLoop). It is built by
// NewACMEService from an ACME store, a device store and a PowerDNS client,
// so the challenges are presumably DNS records — confirm against CreateChallenge.
type ACMEService struct {
	// contains filtered or unexported fields
}

func NewACMEService

// NewACMEService constructs an ACMEService from its stores, the PowerDNS
// client, the service configuration and a logger.
func NewACMEService(acmeStore *store.ACMEStore, deviceStore *store.DeviceStore, pdns *dns.PowerDNSClient, cfg *config.Config, logger *slog.Logger) *ACMEService

func (*ACMEService) CleanupLoop

// CleanupLoop removes expired ACME challenges. Given that it takes a
// context, it is presumably a long-running loop that returns when ctx is
// cancelled — confirm in the body.
func (s *ACMEService) CleanupLoop(ctx context.Context)

CleanupLoop removes expired ACME challenges.

func (*ACMEService) CreateChallenge

func (*ACMEService) DeleteChallenge

// DeleteChallenge removes the challenge challengeID. deviceID is passed
// alongside it, presumably so deletion is scoped to the owning device;
// confirm the store enforces that ownership rather than ignoring deviceID.
func (s *ACMEService) DeleteChallenge(ctx context.Context, challengeID uuid.UUID, deviceID uuid.UUID) error

type AttestRequest

// AttestRequest carries the device's answer to the challenge issued by
// StartEnrollment and is consumed by CompleteEnrollment.
type AttestRequest struct {
	Nonce    string // nonce from EnrollResponse that identifies the pending enrollment
	Secret   []byte // credential secret recovered by the device; presumably compared against PendingEnrollment.ChallengeSecret (ErrSecretMismatch)
	QuoteB64 string // TPM quote, base64 per the name — decoding and nonce binding happen elsewhere; confirm
	ClientIP net.IP // caller address; see PendingEnrollment.ClientIP
}

type AttestResponse

// AttestResponse is the JSON body returned by a successful CompleteEnrollment.
type AttestResponse struct {
	DeviceID       uuid.UUID `json:"device_id"`
	Hostname       string    `json:"hostname"`
	IdentityClass  string    `json:"identity_class"`       // see PendingEnrollment.IdentityClass
	NexusEndpoints []string  `json:"nexus_endpoints"`      // a nil slice encodes as JSON null, not []
	Reenrolled     bool      `json:"reenrolled,omitempty"` // omitted when false; set for re-enrollment (PendingEnrollment.ExistingDeviceID), presumably
}

type CreateChallengeRequest

// CreateChallengeRequest is the input to ACMEService.CreateChallenge.
type CreateChallengeRequest struct {
	DeviceID uuid.UUID
	Digest   string // challenge digest to publish; format not shown here — confirm it is validated
	Hostname string // optional: defaults to canonical hostname
}

type CreateChallengeResponse

// CreateChallengeResponse is the JSON body returned when a challenge is created.
type CreateChallengeResponse struct {
	ID   uuid.UUID `json:"id"`   // challenge identifier, used by DeleteChallenge
	FQDN string    `json:"fqdn"` // name under which the challenge is published
}

type DeviceService

// DeviceService handles TPM-based device enrollment (StartEnrollment,
// CompleteEnrollment), expiry of pending enrollments (CleanupPending) and
// device hostname changes. Built by NewDeviceService.
type DeviceService struct {
	// contains filtered or unexported fields
}

func NewDeviceService

// NewDeviceService constructs a DeviceService from the device, account and
// audit stores, a database pool, the configuration and a logger.
func NewDeviceService(deviceStore *store.DeviceStore, accountStore *store.AccountStore, auditStore *store.AuditStore, pool *pgxpool.Pool, cfg *config.Config, logger *slog.Logger) *DeviceService

func (*DeviceService) CleanupPending

// CleanupPending removes expired pending enrollments (PendingEnrollment.ExpiresAt).
// Unlike the CleanupLoop methods on the other services it takes no context,
// so it is presumably a single sweep driven by an external ticker — confirm.
func (s *DeviceService) CleanupPending()

CleanupPending removes expired pending enrollments.

func (*DeviceService) CompleteEnrollment

// CompleteEnrollment finishes an enrollment begun by StartEnrollment.
// req.Nonce selects the pending enrollment, req.Secret answers the
// credential challenge and req.QuoteB64 is checked with verifier; the
// package sentinels ErrPendingNotFound, ErrSecretMismatch and
// ErrQuoteVerification correspond to those steps, but the body is not
// shown here, so treat that mapping as presumed. nexusEndpoints is
// presumably what lands in AttestResponse.NexusEndpoints.
//
// NOTE(review): confirm the secret comparison is constant-time, that the
// pending entry is consumed on both success and failure, and whether
// req.ClientIP is checked against PendingEnrollment.ClientIP.
func (s *DeviceService) CompleteEnrollment(ctx context.Context, req AttestRequest, verifier tpm.Verifier, nexusEndpoints []string) (*AttestResponse, error)

func (*DeviceService) SetCustomHostname

// SetCustomHostname assigns a caller-supplied hostname to deviceID.
// hostname is user input that presumably ends up in DNS; confirm it is
// validated (and that failures surface as *ErrValidation) before storage.
func (s *DeviceService) SetCustomHostname(ctx context.Context, deviceID uuid.UUID, hostname string) error

func (*DeviceService) StartEnrollment

// StartEnrollment begins TPM-based enrollment. req.EKCertDER and
// req.AKParams identify the device; the response carries a nonce and an
// encrypted credential (EnrollResponse) that the device must recover and
// return via CompleteEnrollment — a credential-activation flow, inferred
// from the field names. ErrEnrollmentCapacity and ErrDeviceAlreadyExists
// are the likely failure sentinels here; confirm in the body.
//
// NOTE(review): the EK certificate should be validated against trusted
// TPM manufacturer roots before anything is encrypted to it; whether that
// happens here or inside verifier is not visible from the signature.
func (s *DeviceService) StartEnrollment(ctx context.Context, req EnrollRequest, verifier tpm.Verifier) (*EnrollResponse, error)

type DomainService added in v0.1.1

// DomainService manages customer-owned alias domains: registration,
// CNAME-based verification (see NewDomainService's resolver), assignment
// to devices, listing, deletion and expiry of pending domains.
type DomainService struct {
	// contains filtered or unexported fields
}

func NewDomainService added in v0.1.1

// NewDomainService constructs a DomainService. resolver performs the CNAME
// lookups used by VerifyDomain (presumed from its type).
func NewDomainService(
	domainStore *store.DomainStore,
	deviceStore *store.DeviceStore,
	auditStore *store.AuditStore,
	resolver dns.CNAMEResolver,
	cfg *config.Config,
	logger *slog.Logger,
) *DomainService

func (*DomainService) AssignDomain added in v0.1.1

// AssignDomain assigns domainID to each of targetDeviceIDs on behalf of
// deviceID and returns the resulting assignments. deviceID is the acting
// device; confirm that the body checks it owns domainID and that every
// target belongs to the same account before writing.
func (s *DomainService) AssignDomain(ctx context.Context, deviceID uuid.UUID, domainID uuid.UUID, targetDeviceIDs []uuid.UUID) ([]*model.DomainAssignment, error)

func (*DomainService) CleanupLoop added in v0.1.1

// CleanupLoop removes expired pending domains; presumably runs until ctx is
// cancelled, like ACMEService.CleanupLoop — confirm.
func (s *DomainService) CleanupLoop(ctx context.Context)

CleanupLoop removes expired pending domains.

func (*DomainService) DeleteDomain added in v0.1.1

// DeleteDomain removes domainID on behalf of deviceID. As with
// DeleteChallenge, deviceID should scope the operation to the owner;
// confirm the store enforces it.
func (s *DomainService) DeleteDomain(ctx context.Context, deviceID uuid.UUID, domainID uuid.UUID) error

func (*DomainService) GetDeviceAliasDomains added in v0.1.1

// GetDeviceAliasDomains returns the verified alias domain names assigned to
// deviceID, as plain strings.
func (s *DomainService) GetDeviceAliasDomains(ctx context.Context, deviceID uuid.UUID) ([]string, error)

GetDeviceAliasDomains returns verified alias domain strings for a device.

func (*DomainService) ListAssignments added in v0.1.1

// ListAssignments returns the device assignments of domainID, requested on
// behalf of deviceID.
func (s *DomainService) ListAssignments(ctx context.Context, deviceID uuid.UUID, domainID uuid.UUID) ([]*model.DomainAssignment, error)

func (*DomainService) ListDomains added in v0.1.1

// ListDomains returns the account domains visible to deviceID; presumably
// those of the device's account, given the AccountDomain result type.
func (s *DomainService) ListDomains(ctx context.Context, deviceID uuid.UUID) ([]*model.AccountDomain, error)

func (*DomainService) RegisterDomain added in v0.1.1

// RegisterDomain records domain as a new, not-yet-verified account domain
// for deviceID's account and returns it. domain is user input; confirm it
// is normalised and validated before storage and before any DNS lookup.
func (s *DomainService) RegisterDomain(ctx context.Context, deviceID uuid.UUID, domain string) (*model.AccountDomain, error)

func (*DomainService) UnassignDomain added in v0.1.1

// UnassignDomain removes domainID's assignment to targetDeviceID, acting
// on behalf of deviceID (see AssignDomain for the ownership expectation).
func (s *DomainService) UnassignDomain(ctx context.Context, deviceID uuid.UUID, domainID uuid.UUID, targetDeviceID uuid.UUID) error

func (*DomainService) VerifyDomain added in v0.1.1

// VerifyDomain checks ownership of domainID and returns the updated record.
// The service is built with a dns.CNAMEResolver, so verification is
// presumably CNAME-based; the expected target and any retry policy are
// not visible here.
func (s *DomainService) VerifyDomain(ctx context.Context, deviceID uuid.UUID, domainID uuid.UUID) (*model.AccountDomain, error)

type EnrollRequest

// EnrollRequest is the input to DeviceService.StartEnrollment.
type EnrollRequest struct {
	EKCertDER []byte // DER-encoded TPM endorsement key certificate
	AKParams  []byte // attestation key parameters; encoding not shown here
	ClientIP  net.IP // caller address, retained in PendingEnrollment.ClientIP
}

type EnrollResponse

// EnrollResponse is the JSON body returned by StartEnrollment.
type EnrollResponse struct {
	Nonce         string `json:"nonce"`          // echoed back in AttestRequest.Nonce
	EncCredential []byte `json:"enc_credential"` // credential blob the device must recover; []byte encodes as base64 in JSON
}

type ErrValidation

// ErrValidation is a typed error for validation failures whose Message is
// safe to return to clients. Match it with errors.As on a *ErrValidation.
type ErrValidation struct {
	Message string // client-facing text; keep internal detail out of it
}

ErrValidation is a typed error for validation failures safe to return to clients.

func (*ErrValidation) Error

// Error implements the error interface; presumably it returns e.Message.
// The receiver is a pointer, so a nil *ErrValidation stored in an error
// interface is non-nil — return a literal nil on success.
func (e *ErrValidation) Error() string

type IssueTokenRequest

// IssueTokenRequest is the input to TokenService.IssueNexusToken.
type IssueTokenRequest struct {
	DeviceID     uuid.UUID
	Stage        int    // meaning and valid range not shown here — confirm it is range-checked
	SessionNonce string // bound into the token, presumably; origin not shown here
}

type NexusService

// NexusService tracks Nexus instances: registration, liveness checks
// (HealthCheckLoop) and the list of active endpoints handed to devices.
type NexusService struct {
	// contains filtered or unexported fields
}

func NewNexusService

// NewNexusService constructs a NexusService from the nexus and audit
// stores, the PowerDNS client, the configuration and a logger.
func NewNexusService(nexusStore *store.NexusStore, auditStore *store.AuditStore, pdns *dns.PowerDNSClient, cfg *config.Config, logger *slog.Logger) *NexusService

func (*NexusService) GetActiveEndpoints

// GetActiveEndpoints returns WebSocket URLs for all active Nexus instances;
// these are presumably what CompleteEnrollment passes as nexusEndpoints.
func (s *NexusService) GetActiveEndpoints(ctx context.Context) ([]string, error)

GetActiveEndpoints returns WebSocket URLs for all active Nexus instances.

func (*NexusService) HealthCheckLoop

// HealthCheckLoop periodically checks for inactive Nexus instances; it
// presumably runs until ctx is cancelled — confirm.
func (s *NexusService) HealthCheckLoop(ctx context.Context)

HealthCheckLoop periodically checks for inactive Nexus instances.

func (*NexusService) Register

type PendingEnrollment

// PendingEnrollment is the state kept between StartEnrollment and
// CompleteEnrollment; expired entries are dropped by CleanupPending.
// ChallengeSecret is sensitive: keep it out of logs and audit records.
type PendingEnrollment struct {
	EKPubKey         crypto.PublicKey
	AKPubKeyDER      []byte
	AKName           []byte
	ChallengeSecret  []byte // expected value of AttestRequest.Secret
	IdentityClass    string // surfaced in AttestResponse.IdentityClass
	EKFingerprint    string
	ClientIP         net.IP // address seen at StartEnrollment; whether it is re-checked at completion is not shown here
	ExpiresAt        time.Time
	ExistingDeviceID *uuid.UUID // non-nil for re-enrollment of active devices
}

type RegisterNexusRequest

// RegisterNexusRequest is the input to NexusService.Register.
type RegisterNexusRequest struct {
	Hostname    string
	Region      *string // optional, given the pointer type
	BackendPort int     // confirm it is range-checked before use
}

type RegisterNexusResponse

// RegisterNexusResponse is the JSON body returned by NexusService.Register.
type RegisterNexusResponse struct {
	HeartbeatInterval int `json:"heartbeat_interval"` // units not shown here; presumably seconds — confirm
}

type TokenService

// TokenService issues tokens for Nexus sessions (IssueNexusToken) and
// verifies them (VerifyToken), using a token.Issuer from NewTokenService.
type TokenService struct {
	// contains filtered or unexported fields
}

func NewTokenService

// NewTokenService constructs a TokenService from the device and domain
// stores, the token issuer, the configuration and a logger.
func NewTokenService(deviceStore *store.DeviceStore, domainStore *store.DomainStore, issuer *token.Issuer, cfg *config.Config, logger *slog.Logger) *TokenService

func (*TokenService) IssueNexusToken

// IssueNexusToken mints a serialized token for req.DeviceID. The service
// holds a domain store, so the token presumably also carries the device's
// domains; the claim set and lifetime are not visible here.
func (s *TokenService) IssueNexusToken(ctx context.Context, req IssueTokenRequest) (string, error)

func (*TokenService) VerifyToken

// VerifyToken checks tokenString and reports the outcome as a VerifyResult
// instead of an error. It takes no context, so it is presumably a purely
// local signature and claims check. VerifyResult.Error is JSON-exposed,
// so it should carry a client-safe message only — confirm.
func (s *TokenService) VerifyToken(tokenString string) *VerifyResult

type VerifyResult

// VerifyResult is the JSON body produced by TokenService.VerifyToken.
type VerifyResult struct {
	Valid  bool               `json:"valid"`
	Claims *token.NexusClaims `json:"claims"` // no omitempty: encodes as null when Valid is false
	Error  string             `json:"error"`  // client-facing; always present, empty on success
}
